In 2023, the SEC finalized its cyber disclosure rules, requiring public companies to provide “decision-useful” information about incidents, as well as updates on cyber risk management, strategy, and governance.
For leaders, this requires an understanding of cyber strategies so they can be accurate when reporting to the board or producing annual disclosures.
In addition to the SEC requirement, companies should also be aware of cybersecurity regulations such as the New York State Department of Financial Services Part 500 regulation, the EU’s General Data Protection Regulation, and the California Consumer Privacy Act.
Along the same lines, cyber insurance policies should be rechecked to confirm that they cover lost revenue, legal expenses and ransom payments.
Also, many insurers are limiting coverage. Common exclusions can include losses from insider threats, attacks exploiting known vulnerabilities, and breaches of third-party vendors.
For more information, go to netsuite.com